Bug 1584

Summary: umask setting in sshd
Product: Portable OpenSSH Reporter: Leo Baltus <leo.baltus>
Component: sshdAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WONTFIX    
Severity: normal CC: djm, dtucker
Priority: P2    
Version: 5.2p1   
Hardware: All   
OS: All   

Description Leo Baltus 2009-04-02 18:50:59 AEDT 
We just upgraded from openssh-5.0p1 to openssh-5.2p1 (linux) to find out 
that sshd changes its umask to drop group-write permissions.

We deliberatly set umask 002 prior to starting sshd to allow group-writeable files to be created.

I am not sure why this is done, but it breaks our setup and also breaks expected behaviour. Also I could not find any discussion on the list in the months leading up to this change, it only seems to be documented in the ChangeLog:

20080615
[...]
   - dtucker@cvs.openbsd.org 2008/06/14 17:07:11
     [sshd.c]
     ensure default umask disallows at least group and world write; ok djm@
 
The packaged opensshd.init.in also assumes umask can be set prior to starting sshd.

Therefor I propose to either undo this change (patch), or make it configurable in sshd_config.
Comment 1 Damien Miller 2009-07-31 11:53:18 AEST 
What behaviour are you are expecting and what is this breaking for you?
Comment 2 Leo Baltus 2009-07-31 17:29:12 AEST 
Hi Damien,

I am expecting to either have a umask setting in the configuration file, or, even better, to not change the umask so sshd will use the umask from the session that started it.

On certain uploadservers we would like users to have a umask 002 by default. so that uploaded files from, say, windows will have group write permission. These users are often collaborating with others and have no clue about permissions.

The current behaviour is a hard change in the software and no means to change it in configuration, that's an unfortunate combination.
Comment 3 Darren Tucker 2009-08-20 23:24:50 AEST 
(In reply to comment #2)
> On certain uploadservers we would like users to have a umask 002 by
> default. so that uploaded files from, say, windows will have group
> write permission. These users are often collaborating with others and
> have no clue about permissions.

So you're talking about the umask of the eventual user's shell?  or an sftp-only session?  Can you set it in whatever shell startup you have?

The reason for the change was that the sshd server itself could also create world writeable files when started with a permissive umask (eg the sshd.pid file).

If it is sftp and you're using the external sftp server you could work around it by pointing "Subsystem sftp" in sshd_config to a shell wrapper that just sets the umask and execs the real sftp-server.
Comment 4 Leo Baltus 2009-08-26 01:25:25 AEST 
I am talking about both shell and sftp sessions.

If a permissive umask would result in a writable pid file, then I feel the problem is with the umask and not with opensshd.
Comment 5 Damien Miller 2009-10-06 15:12:57 AEDT 
OpenSSH 5.4 will include an option to set an explicit umask for sftp sessions and there are a number of ways that a user may control their umask for shell/scp sessions (shell init files, PAM, etc.) We really don't want sshd to run with a loose or non-deterministic umask, so I think this bug can be closed.
Comment 6 Damien Miller 2010-04-16 15:51:16 AEST 
Mass move of bugs RESOLVED->CLOSED following the release of openssh-5.5p1